Date: Sat, 21 Oct 2006 21:21:15 -0700
From: Julian Elischer <julian@elischer.org>
To: Brett Glass <brett@lariat.net>
Cc: net@freebsd.org
Subject: Re: Avoiding natd overhead
Message-ID: <453AF1BB.7070507@elischer.org>
In-Reply-To: <200610220414.WAA15541@lariat.net>
References: <200610210648.AAA01737@lariat.net> <453AEA86.4070103@elischer.org> <200610220414.WAA15541@lariat.net>

Brett Glass wrote:
> At 09:50 PM 10/21/2006, Julian Elischer wrote:
>
>> one thing that you need to make sure of is that only the packets that
>> have potential of being of interest to natd are passed to natd.
>
> I do. In fact, this is a capability I would lose if I used ipfilters or
> pf to do NAT, which is why I want to find a way to use a mechanism
> that's triggered by IPFW.
>
> You were the person who invented "divert sockets," were you not? How
> hard would it be to create a mechanism (a sort of "kernel divert
> socket") so that kernel modules and/or netgraph nodes could do the same
> things which are now done by userland processes listening on divert
> sockets? This would boost the performance of any FreeBSD machine that
> did NAT (which many if not most do).

You can, in two ways: create a netgraph ksocket node of type divert, then
attach that to a netgraph ng_nat node, OR in 7.0 you can call netgraph
directly; there is a netgraph keyword in ipfw.

>
> --Brett Glass
>
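
The second route mentioned in the reply (the ipfw netgraph keyword feeding an ng_nat node), sketched as an added example that is not part of the original message and follows the form documented in ng_nat(4). The interface name, alias address, hook cookies 60/61, rule numbers 300/400 and the function names are assumptions for illustration; the rules match only traffic on the external interface, so only packets that can need translation reach the NAT node.

```shell
#!/bin/sh
# Added example (not from the thread): in-kernel NAT with ipfw + ng_nat.
# Assumed values: external interface, alias address, cookies 60/61,
# rule numbers 300/400. DRY_RUN defaults to 1 and only prints the commands;
# set DRY_RUN=0 and run as root on FreeBSD to apply them.
: "${DRY_RUN:=1}"

# Execute a command, or just print it when in dry-run mode.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Emit the ngctl script: ipfw hook 60 <-> nat "out", ipfw hook 61 <-> nat "in".
ng_nat_script() {
    alias_addr=$1
    cat <<EOF
mkpeer ipfw: nat 60 out
name ipfw:60 nat
connect ipfw: nat: 61 in
msg nat: setaliasaddr $alias_addr
EOF
}

setup_ng_nat() {
    ext_if=$1
    alias_addr=$2
    if [ -z "$ext_if" ] || [ -z "$alias_addr" ]; then
        echo "usage: setup_ng_nat <ext_if> <alias_addr>" >&2
        return 2
    fi
    # The "ipfw:" netgraph node exists only once ng_ipfw is loaded.
    run kldload -n ng_ipfw
    if [ "$DRY_RUN" = "1" ]; then
        ng_nat_script "$alias_addr" | sed 's/^/ngctl> /'
    else
        ng_nat_script "$alias_addr" | ngctl -f -
    fi
    # Hand only external-interface traffic to the NAT node:
    # inbound packets to nat "in" (61), outbound packets to nat "out" (60).
    run ipfw add 300 netgraph 61 ip from any to any in via "$ext_if"
    run ipfw add 400 netgraph 60 ip from any to any out via "$ext_if"
}
```

Whether a packet continues through the ruleset after returning from netgraph depends on net.inet.ip.fw.one_pass, so check that setting against the rest of the firewall rules before applying this.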